It may come as a surprise to learn that the transport and logistics sector ranks in second place in a list of industries most affected by cyber-crime worldwide1. But then look at how the industry has changed in recent years, and the reasons why it is now a tempting target for cyber criminals becomes clear.
First, transport and logistics is one of the largest and most profitable industries worldwide1, which is attractive to highly organised cyber-crime groups motivated by financial gain2.
Second, widespread technology adoption means fleet operators are now sharing more data with partners and vendors than ever before. This alone presents an opportunity for cyber criminals, while the sheer number of parties involved in the cargo supply chain provides an even greater opportunity to identify and exploit weak links in cyber security3.
Transport and logistics cyber risks
All this makes it even more important that transport and logistics firms stay up-to-date on the cyber threat landscape – to better understand and help defend against a wide range of existing and emerging cyber risks.
With that in mind, here are some of the most prominent cyber risks facing the transport and logistics industry:
- Ransomware: Hackers infiltrate a company’s IT infrastructure and encrypt selected files or the entire system, making it inaccessible to the business unless it pays a ransom. This is a fast-growing threat – during the first half of 2020 reported ransomware incidents grew by 715% year on year – and one that is increasingly being employed against transport and logistics firms4.
For instance, in December 2020, trucking and freight company Forward Air was affected by a ransomware attack that wiped $7.5 million off its Q4 financial results5.
- Phishing emails: A high proportion of phishing email attacks target companies in the logistics industry1. Phishing involves cyber criminals contacting target organisations by email, telephone or text message, posing as a legitimate person – the aim being to lure the recipient into giving up sensitive data and passwords6.
One recent example saw cyber criminals use phishing techniques to target the COVID-19 cold supply chain – gaining access to a German biomedical company’s network before using its own email system to distribute further phishing emails to partners involved in transporting the vaccine7.
- Corporate hacking: The transport and logistics industry has also seen cases of corporate hacking – where a company uses hacking techniques to steal sensitive information from a competitor8. No-one knows for certain, but it is conceivable that corporate hacking was behind an attack on Total Quality Logistics that saw attackers gain access to some partner organisations’ sensitive business information9.
- Bill of Lading ransom: In this case, scammers posing as freight forwarders negotiate with an unwitting client and, once goods are packed from the port of loading, deny the release of the Bill of Lading (BOL) until a ransom is paid10.
- Freight forwarding fraud: Another freight forwarding scam involves scammers impersonating a legitimate company by essentially copying its website. The aim is to steal freight forwarding fees or make off with any cargo that falls into their possession7.
- Sensor data intercepts: The increased use of sensors and Internet of Things devices in transport and logistics is also an opportunity to cyber criminals. For example, cyber thieves may seek to intercept communications between a logistics firm’s sensor and its IT systems, harvesting data to sell to a competitor11.
- Remote worker exploits: The huge growth in remote working in 2020 opens up opportunities for hackers because remote workers sit outside of corporate security systems. The fact that cyber criminals have been quick to adapt – developing new techniques to exploit patchy security on remote devices – is bad news for businesses with distributed workforces, like transport and logistics12.
Cyber security for transport and logistics
The scale of the cyber threat facing transport and logistics companies, as well as potential losses running to tens of millions7, means that taking steps to defend IT systems against cyber-attacks is crucially important.
Clearly, everything starts with security. That means understanding the risks, assessing potential vulnerabilities in IT systems and taking steps to address them through best practice security and access controls – for instance following guidance from the Cyber Essentials scheme.
Meanwhile, given that the rapidly evolving nature of cyber-attacks makes it hard to stay ahead of the hackers, transport and logistics firms are adding cyber liability insurance to their wider haulage and logistics insurance programmes – to help minimise the financial and reputational damage if the worst should happen.
For more information on cyber risk and insurance, read our data and cyber risks articles or explore our cyber liability insurance solutions to talk to a cyber insurance expert.
Sources:
1 hornetsecurity.com/data/downloads/reports/document-cybersecurity-special-logistics-en.pdf
2 nationalcrimeagency.gov.uk/what-we-do/crime-threats/cyber-crime
3 foodlogistics.com/transportation/article/21126721/trimble-transportation-cybersecurity-best-practices-for-the-connected-world-of-trucking
4 ttnews.com/articles/how-trucking-can-fend-cyberattacks
5 zdnet.com/article/trucking-company-forward-air-said-its-ransomware-incident-cost-it-7-5-million/
6 phishing.org/what-is-phishing
7 securityintelligence.com/articles/cybersecurity-in-logistics-gaps-and-opportunities/
8 foodlogistics.com/transportation/article/21126721/trimble-transportation-cybersecurity-best-practices-for-the-connected-world-of-trucking
9 freightwaves.com/news/update-tql-says-data-breach-was-not-malware-or-ransomware-attack
10 supplychaingamechanger.com/3-most-common-freight-forwarding-scams-and-how-to-avoid-them/
11 travelers.com/business-insights/industries/transportation/understanding-the-risks-of-transportation-iot
12 securityboulevard.com/2020/12/top-10-cybersecurity-threats-in-2021-and-how-to-protect-your-business/
Real-world insight that we don't share anywhere else
Get access to exclusive help, advice and support, delivered straight to your inbox.
Share this article
Read our latest related articles
-
March 22, 2024
Safeguarding sensitive data: cybersecurity challenges and solutions for umbrella companies and recruiters
Umbrella companies and recruiters face cybersecurity challenges handling sensitive data. In our article we explore vulnerabilities and solutions.
-
March 20, 2024
2024 RHA Conditions of Carriage Key changes and updates
The RHA has rolled out its updated terms and conditions for 2024. Here's a breakdown of the key modifications and what you must do to ensure compliance.
-
March 04, 2024
Fleet insurance claims – the common mistakes that could be costing you
Fleet drivers face challenges every day and accidents happen. But what are the most common fleet claims made by fleet managers and what can you to mitigate risks?
-
January 16, 2024
Transport and trade credit insurance: How to grow and protect your business
What if a customer can't pay for received goods or services? What happens to transported goods when the supply chain is disrupted?
-
October 30, 2023
AI’s cyber challenges and opportunities uncovered
Artificial Intelligence (AI) systems present advantages and opportunities for businesses thanks to advances in computing power. A team from Marsh came together at the recent Future Unlocked event to address the challenges and discuss how businesses can build cyber resilience.
-
October 25, 2023
Cybersecurity: Protecting farmers from cyberattacks
UK farmers face rising cyber threats, including phishing and AI risks. Prioritizing cybersecurity and insurance is crucial for protecting digitalized farming operations.